From e1212bed0e6d27dddcffd5e826c272e572fe475a Mon Sep 17 00:00:00 2001 From: matthew Date: Tue, 20 Jul 2010 15:36:03 +0000 Subject: [PATCH] Switch some obvious network stack MAC comparisons from bcmp() to timingsafe_bcmp(). ok deraadt@; committed over WPA. --- sys/crypto/key_wrap.c | 4 ++-- sys/net/if_spppsubr.c | 4 ++-- sys/net80211/ieee80211_crypto.c | 4 ++-- sys/net80211/ieee80211_crypto_bip.c | 4 ++-- sys/net80211/ieee80211_crypto_ccmp.c | 4 ++-- sys/net80211/ieee80211_crypto_tkip.c | 4 ++-- sys/netinet/ip_ah.c | 4 ++-- sys/netinet/ip_carp.c | 4 ++-- sys/netinet/ip_esp.c | 4 ++-- sys/netinet/tcp_input.c | 6 +++--- 10 files changed, 21 insertions(+), 21 deletions(-) diff --git a/sys/crypto/key_wrap.c b/sys/crypto/key_wrap.c index e99e74b9df2..b9009ad54b3 100644 --- a/sys/crypto/key_wrap.c +++ b/sys/crypto/key_wrap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key_wrap.c,v 1.1 2008/08/12 15:43:00 damien Exp $ */ +/* $OpenBSD: key_wrap.c,v 1.2 2010/07/20 15:36:03 matthew Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -108,5 +108,5 @@ aes_key_unwrap(aes_key_wrap_ctx *ctx, const u_int8_t *C, u_int8_t *P, size_t n) memset(B, 0, sizeof B); /* check that A is an appropriate initial value */ - return memcmp(A, IV, 8) != 0; + return timingsafe_bcmp(A, IV, 8) != 0; } diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index f2af5381f69..69ee2eeeec2 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_spppsubr.c,v 1.80 2010/05/01 08:14:26 mk Exp $ */ +/* $OpenBSD: if_spppsubr.c,v 1.81 2010/07/20 15:36:03 matthew Exp $ */ /* * Synchronous PPP/Cisco link level subroutines. * Keepalive protocol implemented in both Cisco and PPP modes. @@ -3903,7 +3903,7 @@ sppp_chap_input(struct sppp *sp, struct mbuf *m) #define SUCCMSG "Welcome!" if (value_len != sizeof digest || - bcmp(digest, value, value_len) != 0) { + timingsafe_bcmp(digest, value, value_len) != 0) { /* action scn, tld */ sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, sizeof(FAILMSG) - 1, (u_char *)FAILMSG, diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 64ab098eae5..28afffa824c 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto.c,v 1.58 2009/02/13 17:24:54 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto.c,v 1.59 2010/07/20 15:36:03 matthew Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -485,7 +485,7 @@ ieee80211_eapol_key_check_mic(struct ieee80211_eapol_key *key, memset(key->mic, 0, EAPOL_KEY_MIC_LEN); ieee80211_eapol_key_mic(key, kck); - return memcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0; + return timingsafe_bcmp(key->mic, mic, EAPOL_KEY_MIC_LEN) != 0; } #ifndef IEEE80211_STA_ONLY diff --git a/sys/net80211/ieee80211_crypto_bip.c b/sys/net80211/ieee80211_crypto_bip.c index efa96835521..b69fac41d73 100644 --- a/sys/net80211/ieee80211_crypto_bip.c +++ b/sys/net80211/ieee80211_crypto_bip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_bip.c,v 1.2 2009/01/26 19:09:41 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto_bip.c,v 1.3 2010/07/20 15:36:03 matthew Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -201,7 +201,7 @@ ieee80211_bip_decap(struct ieee80211com *ic, struct mbuf *m0, AES_CMAC_Final(mic, &ctx->cmac); /* check that MIC matches the one in MMIE */ - if (memcmp(mic, mic0, 8) != 0) { + if (timingsafe_bcmp(mic, mic0, 8) != 0) { ic->ic_stats.is_cmac_icv_errs++; m_freem(m0); return NULL; diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c index d491c20168f..4b246d088aa 100644 --- a/sys/net80211/ieee80211_crypto_ccmp.c +++ b/sys/net80211/ieee80211_crypto_ccmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.10 2009/09/24 16:03:10 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto_ccmp.c,v 1.11 2010/07/20 15:36:03 matthew Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -445,7 +445,7 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0, /* check that it matches the MIC in received frame */ m_copydata(m, moff, IEEE80211_CCMP_MICLEN, mic0); - if (memcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) { + if (timingsafe_bcmp(mic0, b, IEEE80211_CCMP_MICLEN) != 0) { ic->ic_stats.is_ccmp_dec_errs++; m_freem(m0); m_freem(n0); diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c index ffd04f79e87..08375f263ad 100644 --- a/sys/net80211/ieee80211_crypto_tkip.c +++ b/sys/net80211/ieee80211_crypto_tkip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.17 2009/10/30 20:32:25 damien Exp $ */ +/* $OpenBSD: ieee80211_crypto_tkip.c,v 1.18 2010/07/20 15:36:03 matthew Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini @@ -454,7 +454,7 @@ ieee80211_tkip_decrypt(struct ieee80211com *ic, struct mbuf *m0, /* compute TKIP MIC over decrypted message */ ieee80211_tkip_mic(n0, hdrlen, ctx->rxmic, mic); /* check that it matches the MIC in received frame */ - if (memcmp(mic0, mic, IEEE80211_TKIP_MICLEN) != 0) { + if (timingsafe_bcmp(mic0, mic, IEEE80211_TKIP_MICLEN) != 0) { m_freem(m0); m_freem(n0); ic->ic_stats.is_rx_locmicfail++; diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index eae796f36af..013c0fdb9ad 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.97 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.98 2010/07/20 15:36:03 matthew Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -815,7 +815,7 @@ ah_input_cb(void *op) ptr = (caddr_t) (tc + 1); /* Verify authenticator. */ - if (bcmp(ptr + skip + rplen, calc, ahx->authsize)) { + if (timingsafe_bcmp(ptr + skip + rplen, calc, ahx->authsize)) { free(tc, M_XDATA); DPRINTF(("ah_input(): authentication failed for " diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index af64fd19e40..0ba78e71bf3 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_carp.c,v 1.175 2010/04/25 17:38:53 mpf Exp $ */ +/* $OpenBSD: ip_carp.c,v 1.176 2010/07/20 15:36:03 matthew Exp $ */ /* * Copyright (c) 2002 Michael Shalayeff. All rights reserved. @@ -392,7 +392,7 @@ carp_hmac_verify(struct carp_vhost_entry *vhe, u_int32_t counter[2], for (i = 0; i < HMAC_MAX; i++) { carp_hmac_generate(vhe, counter, md2, i); - if (!bcmp(md, md2, sizeof(md2))) + if (!timingsafe_bcmp(md, md2, sizeof(md2))) return (0); } return (1); diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 66f50499e50..a843c0eb18e 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.110 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.111 2010/07/20 15:36:03 matthew Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -559,7 +559,7 @@ esp_input_cb(void *op) ptr = (caddr_t) (tc + 1); /* Verify authenticator */ - if (bcmp(ptr, aalg, esph->authsize)) { + if (timingsafe_bcmp(ptr, aalg, esph->authsize)) { free(tc, M_XDATA); DPRINTF(("esp_input_cb(): authentication failed for packet in SA %s/%08x\n", ipsp_address(tdb->tdb_dst), ntohl(tdb->tdb_spi))); espstat.esps_badauth++; diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 3516af7deb8..d923a3c6713 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.234 2010/07/09 16:58:06 reyk Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.235 2010/07/20 15:36:03 matthew Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -2351,7 +2351,7 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th, if (optlen != TCPOLEN_SIGNATURE) continue; - if (sigp && bcmp(sigp, cp + 2, 16)) + if (sigp && timingsafe_bcmp(sigp, cp + 2, 16)) return (-1); sigp = cp + 2; @@ -2419,7 +2419,7 @@ tcp_dooptions(struct tcpcb *tp, u_char *cp, int cnt, struct tcphdr *th, if (tcp_signature(tdb, tp->pf, m, th, iphlen, 1, sig) < 0) return (-1); - if (bcmp(sig, sigp, 16)) { + if (timingsafe_bcmp(sig, sigp, 16)) { tcpstat.tcps_rcvbadsig++; return (-1); } -- 2.20.1